There has been a lot of discussion lately about privacy and cloud computing, which involves storing data in a server that could be accessed from any Internet connection. Recently, a hacker was able break into a Twitter employee’s e-mail account and through that was able to get to confidential business documents that were stored on the business version of Google Apps — a paid cloud computing service.
The World Privacy Forum has written to Los Angeles Mayor Antonio Villaraigosa (pdf) raising questions about a proposal to move the city’s e-mail system, internal data and public records to Google’s cloud computing service. One of the most important privacy questions involves the fact that the physical location of the “in the cloud” server where the data is housed could be in any country.
The contract (page 45) allows Google to store City data in any other country where the company maintains facilities. City data could become subject to the laws of these countries by virtue its being processed by Google. Sensitive data about the City or its citizens could be subject to civil process in these countries, for example, to search and seizure under laws that are much less stringent than would apply if the information were maintained in California, or to other law enforcement access.
Worse, data stored online has less privacy protection both in practice and under the law. […] Before, the bad guys usually needed to get their hands on people’s computers to see their secrets; in today’s cloud all you need is a password.
Thanks in part to the Patriot Act, the federal government has been able to demand some details of your online activities from service providers — and not to tell you about it. There have been thousands of such requests lodged since the law was passed, and the F.B.I.’s own audits have shown that there can be plenty of overreach — perhaps wholly inadvertent — in requests like these.
The cloud can be even more dangerous abroad, as it makes it much easier for authoritarian regimes to spy on their citizens. The Chinese government has used the Chinese version of Skype instant messaging software to monitor text conversations and block undesirable words and phrases. It and other authoritarian regimes routinely monitor all Internet traffic — which, except for e-commerce and banking transactions, is rarely encrypted against prying eyes. […]
And some governments can be persuaded — or perhaps required by their independent judiciaries — to treat data entrusted to the cloud with the same level of privacy protection as data held personally. The Supreme Court declared in 1961 that a police search of a rented house for a whiskey still was a violation of the Fourth Amendment privacy rights of the tenant, even though the landlord had given permission for the search. Information stored in the cloud deserves similar safeguards.
You can learn more about privacy and security questions connected to cloud computing in a report (pdf) from the World Privacy Forum, “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing.” Also, in the New York Law Journal, Shari Claire Lewis recently about the legal issues that arise with cloud computing.